4 Reasons to Fear Encryption 'Back Doors,' Even Though You're Not a Terrorist
This seemingly simple demand opens a massive can of extremely dangerous worms.
Apple's open resistance to a judge's orders to help the FBI crack the passcode for the iPhone owned by deceased San Bernardino terrorist Syed Farook has given some much wider attention to the debate over encryption.
On one side, we have law enforcement and some government officials saying they need to be able to get access to data that can help fight terrorism and serious crime. On the other side, we've got privacy advocates and tech experts worrying about how this power could potentially be abused and how it compromises the security of all our data and leaves us open to hackers, identity thieves, and other criminals.
Much in the vein of those who have decided not to worry about government surveillance of our online and phone communications because they have "nothing to hide," there are citizens who see only an effort to stop terrorism and not any of the other potential consequences. If you are one of those people (or you have people of that type in your life or Facebook feed), here are a sample of reasons why government "back door" access to encryption has the potential to cause harm to you, your family, and other people who are not terrorists trying to kill people.
1. This Is Much Bigger than Just Letting the Government Access a Single Phone
"Can't Apple just give them the information from this one phone?" That simple question is the basic frame for the debate. The judge's order demanding that Apple assist the FBI getting access to the contents of terrorist Syed Farook's phone attempts to set up a situation so that the feds would only be able to use this tool to access this one phone in Apple's presence.
Apple CEO Tim Cook's response to the public is that no, Apple cannot create a tool or program that can open just Farook's phone that cannot used again or—more importantly—cannot be replicated and abused by people with bad intentions: "Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge."
And let's be very clear: The federal government's desire to get past encryption on smart phones is not limited to Farook. This is a test case. Federal law enforcement officials and intelligence agencies have been looking to find ways through encryption for decades now. As The Guardian noted in their reporting of the background of this fight, this case, if the FBI is successful, would create a precedent where the government would be able to conscript tech companies (even more than they already do) to help them investigate criminal suspects at the expense of the companies' own customers safety and security.
Therefore, even if Apple is actually able to create a program or tool that will open Farook's phone and only Farook's phone, there is absolutely no reason to believe that it will stop there. And ultimately, Cook's fears will eventually come true. The more the government turns to this method of trying to bypass encryption the more likely these tools will indeed end up getting out there in the world in the hands of hackers or crooks.
2. If the U.S. Can Demand IPhone Back Doors, Then So Can China, or Russia, or Iran, or Your Local Sheriff …
We can talk about the some of the ways America and other Western countries have less than stellar records respecting the civil liberties of their citizens, but they tend to pale in comparison to what goes on in other countries. People who speak out against their own government are jailed, or worse. The privacy of encrypted communications allows activism and defiance against oppressive regimes in a way that reduces potential risk. Officials demanding back doors on encryption propose that this effort fights only terrorism and crime and therefore saves lives. That's far from the whole picture. Encryption helps protect citizens from identity thieves and hackers, but also from snooping authoritarian regimes looking for dissidents to imprison. Encryption doesn't threaten lives—it can help protect lives.
Americans may see back doors solely as a tool to fight terrorism or other serious crimes. And that's exactly how supporters of encryption bypasses want Americans to see it. But these back doors are just a neutral tool that can be used for any number of purposes, many of them very, very bad. Congress, the president, and the FBI would not be the people having final say on what is and is not an acceptable use of an encryption back door.
3. Apple Made the Phone; It Doesn't Own It. What Does This Say About Control of Private Property?
Nobody in this dispute is arguing that the FBI lacks the authority to attempt to collect any property possessed by Farook as part of the investigation on the San Bernardino terrorist attack. Nobody is even arguing that the FBI or the federal government doesn't have the authority to attempt to crack Farook's phone security on its own.
There is, however, a mistaken comparison to the serving of a warrant to perform a search from those who would defend the FBI's order here. A search warrant is administered to the owner or resident of a property. Apple is not the owner of Farook's phone (technically, San Bernardino County is, which is perhaps causing some people to think about company or agency security guidelines). Cook pointed out that Apple does cooperate with authorities when given subpoenas for data that is under Apple's direct possession. And it has apparently done so for this very investigation.
But Farook's phone is not Apple's property. This is not data held by a third party. This is not the same as serving a search warrant to demand access to somebody's house. Rather, this is like serving an order to the company that manufactured the locks on the house's doors and telling them they have to come out and unlock them so that police can gain entrance. That's why the legal debate surrounding the judge's order is reliant on the All Writs Act, a law as old as the United States government that permits judges to demand citizens take defined actions to further its legal goals.
We do have some unusual circumstances here. Farook is dead, so the cooperation of the property's owner is out of the question. But, to reiterate a previous point, the federal government has made it very abundantly clear that they want to bypass encryption not just in this one case, but in others as well, including cases where the suspected criminal is alive but uncooperative or unavailable. The government is attempting to coerce citizens into assisting the government to gain access to somebody else's property. This sets a dangerous precedent that is easy to ignore because of the circumstances of this case.
Consider instead, though, this process being used against living people for cases that are going to get much less attention than a man responsible for the deaths of 14 people on American soil in a terrorist attack. Consider, oh, an IRS investigation instead. Cook warns that orders like this could be used to demand the building of "surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."
Suddenly your property is not even your property. This isn't serving a warrant to search your home. This is sneaking into your home when you're not there and going through your drawers without you even noticing.
4. The Government Has a History of Abusing Surveillance Authorizations
We haven't forgotten about Edward Snowden, have we? His leaks revealed that the National Security Agency (NSA) was secretly abusing surveillance authorities provided by the PATRIOT Act in ways its author never intended (and a judge subsequently ruled never actually authorized): They were collecting telephone and Internet metadata from pretty much all Americans and storing it for use for allegedly track down terrorists. There was no evidence that this violation of our privacy ever actually helped prevent a terrorist attack. It certainly didn't help stop Farook.
Even right now we know that the American government continues to use surveillance to monitor activism by Americans just as his done in the days of the civil rights battles of decades ago. Groups critical of government behavior from the left, the right, and anywhere in between, discover that their participants and events, even when completely peaceful, are being monitored by federal officials worried about anti-government behavior.
And that's just on the federal level. On the local level, consider that the New York Police Department has engaged in inappropriately broad surveillance against Muslim people both in its city and in New Jersey and has possibly been using X-Ray devices to snoop. We have police departments secretly using Stingray devices to collect cellphone location data and trying to conceal their use from the courts and defendants. We have local government agencies reading and recording the license plate numbers of passing vehicles and then considering sending drivers threatening letters if they are seen areas frequented by prostitutes.
Even if the government itself doesn't implement policies to violate citizen privacy, there are frequently bad actors who work for the government who use access to information for sinister ends. We've seen everything from Miami police officers using the names of people in the state's driver's license database to file false tax returns to NSA employees using their surveillance authorities to snoop on the communications of potential romantic interests.
Ultimately, what the FBI is asking for leads to yet another potential surveillance tool with extremely high potential for abuse. And because Americans now use these phones for so much and they have so much information on them, arguably giving the government a back door into our phones is even more intrusive than having them inappropriately listening into our phone calls or reading our mail.
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post comments
Encryption with a back door isn’t real encryption.
Which makes me wonder exactly what the FBI wants Apple to do. If the encryption is “good” then there really isn’t anything Apple can do to get into Farook’s phone. All they could do is weaken their encryption with a back door so that they can get into other people’s phones in the future. If Apple can actually get into Farook’s phone then the encryption wasn’t really that good since Apple apparently already had a backdoor it could exploit.
Encryption is only as good as the password.
Strong passwords would be ungainly to enter every time you want to access a cell phone.
So a weak password is used with the threat device will be wiped clean after a small number of failed password attempts.
The FBI wants Apple to create a tool to block the threat of wiping the device clean so they can brute force attack the weak password.
Once this tool exists and gets into the wild (which will fucking happen), the iPhone security is totally worthless.
I wonder if the FBI thought to take Farook’s cadaver and place its index finger on the home button.
That’s only if Farook had a newer iPhone and set up Touch ID.
iPhone 5C does not have that capability. But also, the way these iPhone touch screens work is the tiny electrical charge in our bodies powers the contact direction, which is why rubbing a pencil eraser on the screen does nothing. So even if Farook’s lifeless thumb addressed the phone, it would need that electrical charge. A nearby finger of your friendly FBI agent is probably not a direct enough contact point to match up with the thumb print. I could be wrong, but they’re kinda sensitive devices in that regard.
That said, I’m sure they tried it, cuz FBI.
The probably started by cutting off all of her fingers, and trying them one by one.
Relevant
Well, if Apple can disable the automatic wipe without unlocking the phone then the auto wipe isn’t really much of a security feature. It seems like it should require a firmware update, which would hopefully require the phone be unlocked first, anyway. Does Apple claim that they are able to turn off the auto-wipe on a locked phone, or does the FBI just hope that they are able to?
No, they want Apple to disable the feature that wipes the phone after 10 failed passcode guesses. Which is a feature that Apple currently cannot turn off. After it is off, then the FBI can brute force the passcode as there is only 10,000 combinations.
The problem is that if the FBI can turn it off, then it won’t take long for every cracker in the world to figure out how to do it, since they now know that’s an open security exploit.
I agree. I was just explaining the issue.
Even if the FBI somehow keeps it in house, that’s still a huge privacy breach.
Fair enough, I’m not trying to argue with you, I kind of gave up around arguing with my boss that her cat’s name was qwerty.
After a certain point you just have to say fuck it and walk away when talking computer security.
But even if it was, the first things you try are the names of pets, kids and spouses.
“catnamedqwerty” would be a pretty robust password.
Your password must be no more than 12 characters.
Please enter your new password.
13 characters, lower-case only, no special characters or numbers?
Nah, that’d be caught in the early brute-force passes. After all, just because we’re brute-forcing it doesn’t mean we can’t optimize based on what we know of human behavior.
If Apple has signaled that it’s possible everyone already knows.
Exactly. The moment the possibility of a back door is revealed, the security feature becomes a security liability.
I don’t know what version of iOS Farook’s phone was on, but I can set mine to a 4-digit or 6-digit numeric code, or a custom numeric or alphanumeric code. So they can still brute force it, but it may be a bigger task than people think.
Agreed, most people I know still use the 4 digit pin, even though a longer pin or alpha-numeric is available.
But you can also set it to wipe the phone after a certain number (I think the default is 8) failed password attempts.
With MDM software, you can configure the phone to wipe itself if it enters/leaves a certain area?
Or can they turn it off? Has Apple been lying about that the whole time?
They want to disengage the password protection not crack the encryption. If they get the password the phone will decrypt itself.
Basically, what Kinnath said. But let me add to it a little– because it’s an iPhone, everyone knows or can reasonably suspect that, like most cell phones, that password is a 4 digit pin. So the password isn’t like the crazy ‘passphrase’ I use on my encrypted drives at home, but something that would be considered trivial breach with a brute force attack.
Think long and hard about how you protect your data.
+1 correcthorsebatterystaple
HorSE!baTTery*stapLE!
I’ve been thinking if over and I’ve realized that if the FBI has access to Farook’s email accounts, they can simply reset his Apple ID, change the password to his Apple ID account, log in to Find My iPhone, put it in Lost Mode with a new PIN, and then unlock the iPhone with the new PIN.
They could also try using a new iPhone with Farook’s Apple ID and restoring it from backup (either from iCloud or iTunes).
I think the FBI just wants Apple to do their hard work for them.
The FBI also already knows everyone that Farook has ever called or texted with that phone. What more do they hope to learn by unlocking it?
Nudes?
“They”, not “you”.
I don’t want to seem like an advocate for the FBI, but there’s a lot more you can do with an iphone than call or text someone. At least I hope it’s better than my 10 year old Alcatel
Yep, there has to be a remedy for forgetting a password
I think the FBI just wants Apple to do their hard work for them.
I think the FBI wants to be able to unobtrusively access data on phones without the knowledge of the owner. As it stands they could grab the data off the phone and decrypt it eventually, although what they hope to find that’s of any use at this point I can’t imagine. They want a government backdoor so they can access data without needing to get physical access to the phone or a subpoena.
And do FUTURE work for them, against both innocent and criminal targets.
The FBI wants access to the data it wants access to, period. And if they have to jeopardize every single American’s constitutional rights–and even their safety–to do it, then so be it.
I say that because we know the FBI knows what encryption is. They know it’s just math, and they know math can’t be stopped. They know the genie is out of the bottle.
But most Americans DON’T know those things. They don’t even understand what encryption is. So if they can force compromised, half-assed “encryption” that anyone sufficiently motivated can break into your consumer-grade products, then LE jobs get easier and their power increases. And they didn’t even have to get off their asses.
Most Americans won’t care because they don’t understand all this encryption stuff. And they think “I’m not doing anything wrong, so what do I have to hide?” They don’t know enough or think deeply enough to fear this power grab, and so they won’t notice when all of their shit is crackable.
They’ll notice and care later when someone from another country has stolen all their valuable data (which is only online and vulnerable because of federal mandates), sure, but then that will be someone else’s fault, not the FBI’s. Someone else will take the blame.
I’m not interested in ANY back door action.
You just haven’t met the right people yet.
Think long and hard
I don’t go in for these backdoor shenanigans. Sure, I’m flattered, maybe even a little curious, but the answer is no!
I am pleased with this article and again disappointed that (Paul)’s blog has not been updated in nearly a year.
There is a libertarian guy with a local talk radio show here in Cincinnati. As one of his callers put it, “When I go into the bathroom, I’m not doing anything wrong, but I still want to be able to lock the door.”
“When I go into the bathroom, I’m not doing anything wrong, but I still want to be able to lock the door.”
Excellent.
You could be doing heroin!
What if he kidnapped a child and dragged it in there?! Think of the children!
iPhones also have the ability to use an alphanumeric passphrase up to 50 characters. Even with a backdoor, a brute force attack would be impossible on practical timescales.
They have the ability to use a slate of characters but most people seem to use just the numeric option for convenience. Except me, even though I live a boring life I use strong passwords for everything. Because I can.
With some help from people who didn’t get creative writing degrees, the possible passphrase for an iPhone is 4.93×10^176.
The estimated number of atoms in the observable universe is 4?10^81.
so what you’re saying is…. that a lot of Atoms are just named “Password1234”?
And thus all the secrets of the universe was opened unto thee…
But even a 10 character is 10^104.
62^10 ? 10^18
It would still take a very long time to crack even with a room full of supercomputers churning on the task day and night.
It’s case sensitive and allows symbols, so the iPhone keyboard gives you 104 character by my count.
I could be wrong, though. me no math gud
And I’m lazy and just use a 4 number passcode.
Most people don’t use symbols. But if they’re available to you and you do use them, then it would be 104^10 ? 10^20, assuming your count of the number of characters is correct.
FIGHT FIGHT FIGHT FIGHT
” a 4 number passcode.””
Sneaky!
ThirtySevenNinetyTwo
“1234”
That’s the combination on my luggage.
+1 “suck to blow”
Yeah, using a brute-force attack that would take ages. But, there are other options: dictionary attacks, rainbow tables, etc.
I used this until I forgot it, then switched back to the 4 digit pin.
iPhones also have the ability to use an alphanumeric passphrase up to 50 characters.
I was going to ask about this, I know my phone passphrase is longer than 4 characters.
Even better math people says it only has a measly 7.1×10^100 possibilities with a cumbersome 50 character password.
:0(
If Farook actually used a 50-character alphanumeric passphrase, he would not be able to type it in every time he needed to unlock his phone. Everyone knows how hard it is to type accurately on an iPhone touchscreen alphanumeric keyboard. One wrong letter and you have to start all over…
Thus, the 50-character passphrase is only practical when used in conjunction with face or finger unlock, both of which the FBI could do with the cadaver. (It would be possible to heat up and electrically charge a dead, severed finger, if just a photo of the fingerprint pattern is not enough to fool the Apple TouchID sensor as was possible with earlier fingerprint tech.)
Actually, any passphrase longer than 8 alphanumeric characters probably is too frustrating to use in daily life. 6 numeric characters is acceptable because the numeric keypad buttons are large and hard to screw up.
Thus, the best practical everyday security is probably a 10-digit numeric passphrase. It’s already been proven that humans can memorize 10 digits but have trouble beyond that. Some people can dial on a 10-digit numeric keypad without having to look at their phone’s screen. It would be possible to unlock the phone one-handed while driving with a 10-digit numeric passphrase.
because they have “nothing to hide,”
Then they won’t mind me having their bank account numbers, user ID’s, and passwords.
If you don’t have anything to hide, you’re a goddamned idiot.
Or you’re just really boring.
Even if you have none of that and really have nothing to hide, is it okay if I peep into your window as long as you are wearing clothes and doing something boring when I do?
As long as you aren’t on their property.
That is what I mean. Can I trespass and peep into your window? Is that okay just so long as I don’t see anything embarrassing or do any damage? I don’t think so.
Sheesh, if you want access to my 24 hour webcam just ask.
You website keeps rejecting my stolen credit card.
24 hours? No rest on “Crustlust.com”, eh?
I give the people what they want.
Just make sure you don’t stop by on Naked Twister night.
Or Naked Yoga morning. It’s three hours of downward facing dog punctuated by sets of jumping jacks.
I think given the fact that the demand by the government predates the San Berdoo shootings, the pretense that the Govt just wants the content of the the shooters phone is pretty obviously baloney
“so the cooperation of the property’s owner is out of the question.”
You just said in the previous paragraph Farook didn’t own the phone!
This whole thing has nothing to do with cracking encryption. They want Apple to defeat the password protection. Of course you if you can do that the phone will decrypt itself.
tell us now how silence proves how fast people were moving
It is my understanding that the phone was owned by the county. It was his work phone. If you want to blame anyone here, blame the county for not ensuring its workers couldn’t encrypt their phones without the county knowing the password.
I doubt he would have had moral qualms about changing it.
Sure. But maybe the country should have left themselves a backdoor or not giving him the admin rights to change it.
But maybe the country should have left themselves a backdoor or not giving him the admin rights to change it.
Is this possible? I know my work computer has admin access they can get to, but as far as I know my phone they cannot? Or they can and I don’t know about it.
I would think so. If I were an employer, no way in hell would I want my employees to be able to lock their company issued phones or computers such that I could not if I wanted to get access to them. Think about the liability issues associated with that. What if the employee does something criminal and the court subpoenas you for your phone and you can’t get into it and have no idea what this ass clown might have done with your equipment on your time and for which you might be liable for? no thanks.
Depends on the phone, and your companies management software. For my work phone (Android), once I connected it to the company e-mail, it required me to install a security package which forced certain settings.
I carry a blackberry. Email and stuff they can get off the servers, but I wonder if they can get anything else as I locked my phone, encrypted as well, and I am the only one with the passphrase. My pc they have admin access to, so I know they can get that info.
Depends on the phone, the service provider,and your companies management software.
Broodling #1 got a ‘dumb’ smartphone and his own line. We can control the phone itself through the software and, just like all parents since the invention of the phone, we control the telephony in general through our contract with the network provider.
Usually phones have just a “wipe everything” option. They can remotely destroy any sensitive information if it is stolen or they fire you, but they can’t log in and root around. Mostly, because anything your IT guy can do, hackers can do.
This is the government we are talking about.
I’m already very cautious about what information gets on my phone. If the government gets what it wants, I will make double-damn sure that there is no data on the phone of any value.
Certainly criminals and terrorists will take similar precautions; indeed, they already do. What’s the government’s next move? Make it mandatory to keep all of one’s personal info on a cell phone, carried on one’s person at all times? Will not owning a cell phone be considered “obstruction of justice”?
+100 Exactly my thought
Subcutaneous RFID with a unique identifying number on all citizens.
Tattoos optional.
Kind of like being in trouble if stopped by a cop and not carrying picture ID?
Exactly. I can even see them using that as the rationale, with the “let’s all go down the slippery slope, it’s fun!” arguments that politicians are fond of using.
Why do you hate America?!?!?! Clearly you want the terrorists to win!
Even if you trust the government to have this power, there is no way to guarantee that the back door won’t be found and exploited by criminal actors. I am fine with the government, assuming it has a proper warrant, ordering someone to give over their password or be held in contempt of court if they don’t. It is no different than demanding the key to a lock.
Here the government wants the lock company to make a master key that will unlock any lock they make and then trust them that they will keep it from falling into the wrong hands. That is insane. No one would ever buy a lock if they knew there was a master key for it somewhere out there or at least they wouldn’t if they wanted to secure anything of value.
If the government wins this, it will do irreparable harm to US tech companies. No one in the world will ever trust any US company’s product not to have a US government created and exploitable back door.
The whole thing is nut.
At least will more nude photos of young, hot, and dumb actresses.
Has it ever come out who “hacked” those photos? I have to wonder if there were not some law enforcement people involved.
From what I have read, famous people are easy targets for social engineering.
Most systems typically have a limited set of security questions to pick from when creating an account so that you can recover your password or reset it.
Famous people have tons of personal data about their whole lives captured in public forums, so guessing the right answers to security questions is not that hard. So the hacker can reset the password and access any data stored in the cloud without having access to the mobile handset.
And a lot of famous people also keep nudes lefties and sex videos of themselves (ex: the fappening).
Most locks are easily pickable. Google “bump key”.
True. But that is not the point. Suppose there were locks that were unpickable, could the government demand the maker have a master key that works on any lock? I don’t think so.
Like on safes?
Wow. Seriously.
Bump key= -5 style points
Riven, can I get an AMEN?
Absolutely. Bump keys are for boorish oafs with no skill.
Also, bump keys have a pretty high probability of damaging the lock, so there goes your discretion, too.
Preach, Mr Drew.
I will make myself a set when I go back to work tomorrow.
I generally agree, but I think the assumption of a proper warrant is overly generous and insufficient. I don’t think it is valid to assume they will have a proper warrant. Even then, I think the standards for granting the warrant are too low and open for abuse by the people executing the search warrant.
That is a different issue. The point is that if they do have a warrant, you should have to turn over the password. What amounts to a proper warrant is another question.
Case law says different:
United States v. John Doe[edit]
In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives. The court’s ruling noted that FBI forensic examiners were unable to get past TrueCrypt’s encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe’s Fifth Amendment right to remain silent legally prevented the Government from making him or her do so.
I know it does. And I disagree with that. And that is only one circuit. The issue has not yet been settled.
Off the original topic, but I’m inclined to agree with the decision. If 5A protects me from providing incriminating spoken evidence, then shouldn’t it also protect me from providing information that allows access to essentially the same evidence? Imagine if I was accused of planning to assassinate the Kardashians. I could refuse to talk about any plans I may have. But, what if a friend had sent me a letter, written in our own super secret code that only we know. The prosecution thinks that letter may contain info on my plans. Would I be forced to share the code?
But, aside from that… what if John Doe either forgets or “forgets” the password? It may sound like bullshit if he says he forgot right away. But, if he’s been held in contempt for a few years, it’s legitimate to argue that he actually forgot the password.
OIANALNAERCTBO (Obviously, I am neither a lawyer nor anything even remotely close to being one) and you could invent hypotheticals all day. But, I think it is wrong to compel someone to provide incriminating evidence against themselves.
There are similar findings in multiple court cases.
The government should be required to show that there is a compelling reason to believe the encrypted content contains evidence of criminal activity before it can force divulsion of the encryption key or unencrypted content.
For example, they would need a text from one terrorist saying to another terrorist “I put our cell’s contact list on my phone” or a record on an unencrypted portion of the hard drive showing that a file called “embassy bombing plans.docx” was copied onto the encrypted portion of the hard drive.
The idea that the government can force disclosure of potentially unrelated information without sufficient reason to believe there is related information should pretty obviously fly in the face of the Fifth Amendment and be rejected by the courts.
I would furthermore go on to say that the government should only be allowed to compel disclosure of information it can prove exists (e.g. in the aforementioned scenarios, they can only compel disclosure of the contact list, or of “embassy bombing plans.docx”), but that is at another level.
Well that’s what us securinerds are saying. If the system is encrypted, but with backdoor access for the FBI or the CIA then it isn’t secure. If the CIA can break the code then some smart russian kid could break it also.
The thing is, it doesn’t matter if they win this. Encryption exists that can’t be cracked on reasonable timeframes. (I don’t believe the government has quantum computers yet.) It’s just math, and anyone with sufficient knowledge can use it. The serious, professional Bad Guys will have it and protect themselves with it, and the FBI won’t be able to do anything about it.
This isn’t about catching the real bad guys. It’s about more easily catching low-hanging fruit so they can point to the arrests and say, “See? We’re keeping you safe. Now approve our budget proposal!”
Either that or it’s a naked power grab. Maybe both.
5. You can’t coerce a team of engineers to break the phone’s security without backing it up with threats of violence.
Exactly. If they don’t comply, they will be held in contempt fo court and subject to being thrown in jail. This is criminalizing the refusal to assist the government in a criminal investigation. Not tell them what you know if they ask. But criminalizing you not actively working to help them.
Yeah, that won’t lead anywhere bad. I am sure of it.
There is an error in the article. There are 5 reasons to fear encryption backdoors.
5. Government Employees Have a History of Abusing Accessing to Surveillance Equipment
“How NSA Spies Abused Their Powers to Snoop on Girlfriends, Lovers, and First Dates”
I know it’s mentioned in the article but it should really be a separate entry.
It is not just government employees. Any group of people will have someone who breaks the rules even if you subject them to punishment. So if the information is collected, it will at some point be abused, guaranteed.
Correct. It isn’t just government employees, it is also government contractors.
Dating a government employee? Desperate loser!
This entire thing is to distract people from pointing out that government hired these murderers and even did background checks on them.
And yet requiring background checks for all gun buyers is considered a “common sense” approach to preventing mass murder with firearms.
Much like what happened after the terrorist attacks in San Bernadino, the FBI should be granted access to the phone by any means necessary. Then, they should allow the media to have live access to the phone’s content.
i think the mistake in this debate is granting the feds their pretense that “the contents” of the phone are really what they’re after.
they’re not. they made this same demand well before the san berdoo shootings even happened.
they’re after the means to access anyone’s devices, and this particular device and its association with the San Berdoo criminals is just an opportune excuse for them to grab the power to bypass consumer-encryption
Of course, they could get what they want by actually passing a law (as noted in the doc – an amendment to CALEA) that forced all telecom companies/phone manufacturers to build the needed ‘backdoors’ into everything.
But they wont because it wouldn’t pass constitutional muster.
You seem to think the constitutional matters.
or Constitution.
“You seem to think the constitutional matters.”
I believe it is essential to take a constitutional every morning
I actually do think the constitution matters here
at least in the sense that the Govt is aware that if they try to get what they want via expanded legislation, they’d run into trouble in the courts as well as with the general public.
so instead, they want to simply try to get this “All Writs” authority expanded
The way the DoJ is trying to strongarm Apple in public here is evidence that they don’t think the courts will necessarily grant them every wish. If they can jawbone compliance, it sets an example.
There should be a bullet point #5 to this article: Backdoors can’t stop encryption anyways.
One can encrypt letters on a piece of paper. A clever terrorist easily can obfuscate their critical communications in myriad uncountable ways manually, with a secret decoder ring if they want.
There is also an odd argument to make (I think) for not letting cops get so lazy depending on databases. Every character who ditched the credit cards and wireless widgets – Eric Rudolph, the creep who abducted Elizabeth Smart, Osama – all stayed off the gubmint’s radar despite vast efforts by leviathan to find them. If the fuzz can’t look it up on a computer, they can’t find their own asses anymore as it is.
My roomate’s sister makes $56 an hour on the internet . She has been without work for 4 months but last month her pay was $16168 just working on the internet for a few hours. linked here……ea……..
Clik this link in Your Browser…….. http://www.alpha-careers.com
Since the court is relying on the All Writs Act, one of the criteria the judge has to meet requires courts to issue writs “agreeable to the usages and principles of law.” Forcing a third party, not directly involved with crime, to do a significant amount of work, at their own cost, which could also lead to hurting their financial position, in no way could be considered agreeable to the usages and principles of law. Of course, all statutory law is subordinate to the well-known FYTW clause in the “Who Gives a Shit” Section of Article “We Own You” of the US Constitution.
Though i despise Apple, i trust them much more than the government to protect my privacy. They have every incentive to do so and the government always lies and misuses power.
And the #1 biggest reason you *shouldn’t* fear this?
Because if you’re responsible and paranoid, you don’t encrypt anything you expect to remain secret forever more anyway. Face it, with computers improving every year, not to mention the shit those math geniuses figure out, cracking encryption is mostly a question of “when”, not “if”. So if you murder someone, and write a confession with enough detail to convict yourself, don’t encrypt it under the assumption that no one will ever be able to crack it. Encrypt it under the assumption that if you lose access to the device it’s stored on, you’ll have a long enough lead to get the hell out of dodge.
Sure, things like what the FBI is asking of Apple will shorten that window. But the point remains: you encrypt things you don’t want to get out *now*, but if you don’t want it to get out *ever* then encryption is not enough.
So long story short: if you’re really paranoid, you’re not going to encrypt anything incriminating anyway.
Caveat: none of this should be taken as endorsement of the FBI’s actions. I wish Apple the best. But I’m not betting on it or relying on encryption to be un-crackable. And you shouldn’t either.
It seems that the government only wants to disable certain password protection features to open the phone, not decrypt it. If that’s all it takes, then I don’t buy the slippery slope argument. Nor that it would be somehow burdensome for the company.
I don’t trust the government, but I don’t wade into kooky Ron Paul territory either. Since due process rights and warrant requirement were met or doesn’t apply here, I don’t see why the government can’t order the company to unlock one of its products (in a criminal investigation of matters of national security), if they already have the ability to do so. The SB shooters did not work alone.
Can the government compel a safe manufacturing company to break into one of their safes they advertised as “unbreakable”? Maybe provide a “master key”? If that’s constitutionally kosher, then there’s no reason Apple shouldn’t comply. Concerns about what the government MIGHT do with this master key has to be weighted against the lives the unearthed information might save.
The “unearthed information” could just be naked pictures of his wife. We have no way of knowing. Do the Feds have an idea of what they will find on this phone or do they want to take a look because they believe they have that right?
Am I seriously reading this on a libertarian website?
That is something that does not currently exist, so it is burdensome. Not only that, but defeating those security features will, in effect, break the encryption, since bruteforcing such small PINs is incredibly easy.
Apparently you do, since what the government wants is a method to break the security of all iPhones. You can’t make it work on just this one and no more. Supporting this is the same as supporting reduced security for all users.
They’re asking Apple to build a “master key” that does not currently exist in order to bypass the functionality that wipes the phone after so many incorrect attempts.
There is no ‘balance’. Either you’re for freedom or you’re not. In a country that is supposed to be “the land of the free and the home of the brave”, I don’t see why you would prefer safety over freedom.
And it’s not a question of how the government “might” abuse its newfound power, but how it will abuse its newfound power. As Snowden and others showed, the government desperately wants to violate the privacy and constitutional rights of as many people as possible. It isn’t a mere ‘maybe’ that the government will abuse their powers, but an absolute inevitability. History proves this millions of times over.
Excellent article. As far as I can see here, this is something that the government probably can demand, but sure as hell shouldn’t.
I sincerely hope Apple stands their ground. I am much more afraid of a government out of control than a terrorist. What happens when a crucial vote come before the Senate and the deciding vote is held by a Senator who is poking an intern do you want his phone being tapped. The CIA was just caught spying on sitting Senators. Do you really believe that was the first or last time. Once again please stand your ground
Wouldn’t it be funny if his password turned out to be “password”.
That’s the sort of password an idiot has on his luggage.
Damn, I may just have to buy one of those PC non-PCs.
THis is unadulterated alarmist BS. Apple can rettieve the info without giving up anything. Regardless, human life takes precedent over “right to privacy” which is in no way violated.
Fuck off, slaver.
Amen.
” Regardless, human life takes precedent”
Whose life? They’ve killed who they wanted to kill. And no retrieving the info won’t just let them open one phone.
My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do,
go to tech tab for work detail,,,,, http://www.onlinecash9.com
To me this seems like a simple problem. My understanding the code on Farook’s phone is only 4 digits, 10,000 combinations. A brute force method seems the best way. Here is how I would crack it if I had the resources of the FBI.
In most phones the OS and memory storage (encrypted or not) is all stored on one flash chip. First disassemble the phone and remove the onboard phones NAND flash memory which should be easy without damaging it. Copy the memory flash contents in to other flash parts. Install these into to other iPhones and try the codes to you hit it. This could be done with one iPhone with a removable flash chip socket wired in (very possible) or with just a lot of iPhones. Only 1000 required. If there are other things that are unique to the phone this method could still work by first trying on other phones till perfected then use it on Farook’s phone.
My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
Clik This Link inYour Browser….
? ? ? ? http://www.workpost30.com
My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
Clik This Link inYour Browser….
? ? ? ? http://www.WorkPost30.com
I thought the software the runs the phone WAS Apple property, merely licensed to the current user. And the physical phone is just random metal without the software.
my friend’s sister-in-law makes $85 hourly on the internet . She has been without a job for ten months but last month her paycheck was $21785 just working on the internet for a few hours. look at this web-site….
Clik this link in Your Browser
??????????? http://www.Wage90.com
an equally great story is the fact that the u.s. gov does not have the technical know-how to do this on their own. consider that the fbi was entertaining ideas regarding loosening drug use disqualifiers for hiring purposes (tech jobs).
my friend’s sister-in-law makes $85 hourly on the internet . She has been without a job for ten months but last month her paycheck was $21785 just working on the internet for a few hours. look at this web-site….
Clik this link in Your Browser
??????????? http://www.Wage90.com
My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
Clik This Link inYour Browser….
? ? ? ? http://www.WorkPost30.com
My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
Clik This Link inYour Browser….
? ? ? ? http://www.workpost30.com
Yeah let’s create something that can break into iPhones. Then when the US Marshal’s Service finds it has to get it’s protected witnesses dead because their agents phones have been hacked, domestic violence shelters find that people are selling the names of their clients etc. we can pass a law to fix that problem.
The Fit Finally programs and guides are based on over 600 research studies conducted by some of the biggest Universities and research teams of the world.
We take pride in the fact that our passion for better health and fitness is 100% backed by science and helps 100’s (if not 1000’s) of people every year since 2010. Just try it:
http://03615gbnxbyy5y42r9r8o80…..kbank.net/
I’ve made $76,000 so far this year working online and I’m a full time student.I’m using an online business opportunity I heard about and I’ve made such great money.It’s really user friendly and I’m just so happy that I found out about it.
Open This LinkFor More InFormation..
??????? http://www.workpost30.com
thanks for the information is very interesting and very useful Cara Pemesanan Ace Maxs, Jelly Gamat
The technology is so developed that we can watch videos, live streaming, TV serials and any of our missed programs within our mobiles and PCs. Showbox
All we need is a mobile or PC with a very good internet connection. There are many applications by which we can enjoy videos, our missed programs, live streaming etc.